{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "[toc]\n",
    "\n",
    "> 原文地址 https://www.linuxidc.com/Linux/2016-12/138979.htm\n",
    "\n",
    "## [CentOS](http://www.linuxidc.com/topicnews.aspx?tid=14 \"CentOS\")6.5\n",
    "\n",
    "###  CentOS6.5查看防火墙的状态\n",
    "\n",
    "```sh\n",
    "service iptable status\n",
    "```\n",
    "\n",
    "显示结果：\n",
    "\n",
    "```sh\n",
    "[linuxidc@localhost ~]$service iptable status\n",
    "Redirecting to /bin/systemctl status  iptable.service\n",
    "● iptable.service\n",
    "   Loaded: not-found (Reason: No such file or directory)\n",
    "   Active: inactive (dead)  --表示防火墙已经关闭\n",
    "```\n",
    "\n",
    "### CentOS 6.5 关闭防火墙\n",
    "\n",
    "- 临时关闭防火墙\n",
    "```sh\n",
    "servcie iptables stop\n",
    "```\n",
    "- 永久关闭防火墙\n",
    "```sh\n",
    "chkconfig iptables off\n",
    "```\n",
    "\n",
    "## CentOS 7.2\n",
    "\n",
    "### 查看防火墙状态\n",
    "\n",
    "关闭后显示 not running，开启后显示 running\n",
    "```sh\n",
    "firewall-cmd --state\n",
    "```\n",
    "或者\n",
    "```sh\n",
    "systemctl list-unit-files|grep firewalld.service\n",
    "```\n",
    "\n",
    "或者\n",
    "\n",
    "```sh\n",
    "systemctl status firewalld.service\n",
    "```\n",
    "\n",
    "### 其他常用命令\n",
    "\n",
    "- 启动服务：systemctl start firewalld.service\n",
    "- 关闭服务：systemctl stop firewalld.service\n",
    "- 重启服务：systemctl restart firewalld.service\n",
    "- 显示服务的状态：systemctl status firewalld.service\n",
    "- 在开机时启用服务：systemctl enable firewalld.service\n",
    "- 在开机时禁用服务：systemctl disable firewalld.service\n",
    "- 查看服务是否开机启动：systemctl is-enabled firewalld.service;echo $?\n",
    "- 查看已启动的服务列表：systemctl list-unit-files|grep enabled\n",
    "\n",
    "## Centos 7 firewall 命令\n",
    "\n",
    "### 查看已经开放的端口\n",
    "\n",
    "```sh\n",
    "firewall-cmd --list-ports\n",
    "```\n",
    "\n",
    "### 开启端口\n",
    "\n",
    "```sh\n",
    "firewall-cmd --zone=public --add-port=80/tcp --permanent\n",
    "\n",
    "# 删除一个端口\n",
    "firewall-cmd --zone=public --remove-port=80/tcp --permanent\n",
    "\n",
    "# 开放多个端口\n",
    "firewall-cmd --zone=public --add-port=10000-10020/tcp --permanent\n",
    "```\n",
    "\n",
    "命令含义\n",
    "\n",
    "- --zone #作用域\n",
    "- --add-port=80/tcp #添加端口，格式为：端口 / 通讯协议\n",
    "- permanent #永久生效，没有此参数重启后失效\n",
    "\n",
    "### 重启防火墙\n",
    "\n",
    "```sh\n",
    "firewall-cmd --reload #重启firewall\n",
    "systemctl stop firewalld.service #停止firewall\n",
    "systemctl disable firewalld.service #禁止firewall开机启动\n",
    "firewall-cmd --state #查看默认防火墙状态（关闭后显示notrunning，开启后显示running）\n",
    "```\n",
    "\n",
    "## CentOS 7 以下版本 iptables 命令\n",
    "\n",
    "如要开放 80，22，8080 端口，输入以下命令即可\n",
    "\n",
    "```sh\n",
    "/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT\n",
    "/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT\n",
    "/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT\n",
    "```\n",
    "\n",
    "然后保存：\n",
    "\n",
    "```sh\n",
    "/etc/rc.d/init.d/iptables save\n",
    "```\n",
    "\n",
    "查看打开的端口：\n",
    "\n",
    "```sh\n",
    "/etc/init.d/iptables status\n",
    "```\n",
    "\n",
    "### 关闭防火墙   \n",
    "\n",
    "1. 永久性生效，重启后不会复原\n",
    "\n",
    "开启： chkconfig iptables on\n",
    "\n",
    "关闭： chkconfig iptables off\n",
    "\n",
    "2. 即时生效，重启后复原\n",
    "\n",
    "开启： service iptables start\n",
    "\n",
    "关闭： service iptables stop\n",
    "\n",
    "3. 查看防火墙状态： service iptables status\n",
    "\n",
    "## CentOS7 和 6 的默认防火墙的区别\n",
    "\n",
    "CentOS 7 默认使用的是 firewall 作为防火墙，使用 iptables 必须重新设置一下\n",
    "\n",
    "1、直接关闭防火墙\n",
    "\n",
    "```sh\n",
    "systemctl stop firewalld.service # 停止 firewall\n",
    "systemctl disable firewalld.service # 禁止 firewall 开机启动\n",
    "```\n",
    "\n",
    "2、设置 iptables service\n",
    "\n",
    "```sh\n",
    "yum -y install iptables-services\n",
    "```\n",
    "\n",
    "如果要修改防火墙配置，如增加防火墙端口 3306\n",
    "\n",
    "```sh\n",
    "vi /etc/sysconfig/iptables\n",
    "```\n",
    "\n",
    "增加规则\n",
    "```sh\n",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT\n",
    "```\n",
    "保存退出后\n",
    "\n",
    "```sh\n",
    "systemctl restart iptables.service # 重启防火墙使配置生效\n",
    "systemctl enable iptables.service  # 设置防火墙开机启动\n",
    "```\n",
    "\n",
    "最后重启系统使设置生效即可。\n",
    "```sh\n",
    "systemctl start iptables.service # 打开防火墙\n",
    "systemctl stop iptables.service  # 关闭防火墙\n",
    "```\n",
    "\n",
    "### 解决主机不能访问虚拟机 CentOS 中的站点\n",
    "\n",
    "前阵子在虚拟机上装好了 CentOS6.2，并配好了 apache+php+mysql，但是本机就是无法访问。一直就没去折腾了。\n",
    "\n",
    "具体情况如下\n",
    "\n",
    "> 1. 本机能 ping 通虚拟机\n",
    "> \n",
    "> 2. 虚拟机也能 ping 通本机\n",
    "> \n",
    "> 3. 虚拟机能访问自己的 web\n",
    "> \n",
    "> 4. 本机无法访问虚拟机的 web\n",
    "\n",
    "后来发现是**防火墙将 80 端口屏蔽了的缘故。** \n",
    "\n",
    "检查是不是服务器的 80 端口被防火墙堵了，可以通过命令：telnet server_ip 80 来测试。\n",
    "\n",
    "解决方法如下：\n",
    "\n",
    "> /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT\n",
    "\n",
    "然后保存：\n",
    "\n",
    "> /etc/rc.d/init.d/iptables save\n",
    "\n",
    "重启防火墙\n",
    "\n",
    "> /etc/init.d/iptables restart\n",
    "\n",
    "CentOS 防火墙的关闭，关闭其服务即可：\n",
    "\n",
    "> 查看 CentOS 防火墙信息：/etc/init.d/iptables status\n",
    "> \n",
    "> 关闭 CentOS 防火墙服务：/etc/init.d/iptables stop\n",
    "\n",
    "更多 CentOS 相关信息见[CentOS](https://www.linuxidc.com/topicnews.aspx?tid=14)专题页面[http://www.linuxidc.com/topicnews.aspx?tid=14](https://www.linuxidc.com/topicnews.aspx?tid=14 \"CentOS\")\n",
    "\n",
    "**本文永久更新链接地址**：[http://www.linuxidc.com/Linux/2016-12/138979.htm](https://www.linuxidc.com/Linux/2016-12/138979.htm)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": []
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.7.3"
  },
  "toc": {
   "base_numbering": 1,
   "nav_menu": {},
   "number_sections": true,
   "sideBar": true,
   "skip_h1_title": false,
   "title_cell": "Table of Contents",
   "title_sidebar": "Contents",
   "toc_cell": false,
   "toc_position": {
    "height": "calc(100% - 180px)",
    "left": "10px",
    "top": "150px",
    "width": "196.352px"
   },
   "toc_section_display": true,
   "toc_window_display": true
  },
  "varInspector": {
   "cols": {
    "lenName": 16,
    "lenType": 16,
    "lenVar": 40
   },
   "kernels_config": {
    "python": {
     "delete_cmd_postfix": "",
     "delete_cmd_prefix": "del ",
     "library": "var_list.py",
     "varRefreshCmd": "print(var_dic_list())"
    },
    "r": {
     "delete_cmd_postfix": ") ",
     "delete_cmd_prefix": "rm(",
     "library": "var_list.r",
     "varRefreshCmd": "cat(var_dic_list()) "
    }
   },
   "types_to_exclude": [
    "module",
    "function",
    "builtin_function_or_method",
    "instance",
    "_Feature"
   ],
   "window_display": false
  }
 },
 "nbformat": 4,
 "nbformat_minor": 2
}
